A non-exhaustive list of topics to be covered include:

  • Information Gathering – OSINT, DNS, SNMP etc.
  • Pentesting Network Components – Router, Switch, Firewall, IDS/IPS
  • Pentesting Windows Environments – domain controllers, pass-the-hash, active directory etc.
  • Pentesting Linux Environments
  • Pentesting Mobile Application Backends
  • Attacking via the DMZ – Web, Email etc.
  • Post Exploitation on Windows, Linux and Mobile OSs
  • Data Exfiltration – tools and techniques
  • Privilege Escalation on Windows and Linux
  • Keeping Access – Backdoors and Rootkits
  • Web Application vulnerability to Shell
  • Scenario based Pentesting
  • Social Engineering Attacks – JAVA Applets, HID devices etc.
  • AV Evasion Techniques
  • Firewall and IDS Evasion
  • … additions will happen based on student feedback